iCal vulnerable to malicious .ics files

Discussion in 'OS X and OS X Apps' started by alvinrayyu, May 22, 2008.

  1. alvinrayyu

    alvinrayyu Active Member

    Joined:
    Aug 5, 2007
    Messages:
    1,490
    Likes Received:
    5
    iCal vulnerable to malicious .ics files

    http://www.macnn.com/articles/08/05/21/ical.vulnerable.to.bad.ics/

    A new vulnerability in iCal has been discovered that allows un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeateadly execute a denial of service attack to crash the iCal application. Core Security writes that "the most serious of the three vulnerabilities is due to potential memory corruption resulting from an resource liberation bug that can be triggered with a malformed .ics calendar file specially crafted by a would-be attacker".

    The malicious file could either be hosted on a web server or e-mailed to the useras a standalone file. Until an official patch is available for download from Apple, iCal users are advised to only open .ics files from a known, verified source.
     
  2. surgfish

    surgfish Active Member

    Joined:
    Nov 8, 2006
    Messages:
    1,111
    Likes Received:
    0
    Location:
    Manila
    wat is an ics file btw.
     
  3. PatrickGaerlan

    PatrickGaerlan Super Moderator
    Staff Member

    Joined:
    Apr 8, 2004
    Messages:
    5,363
    Likes Received:
    89
    An .ics file is a calendar file (readable by iCal), much like a vcard is used for contacts.
     
  4. surgfish

    surgfish Active Member

    Joined:
    Nov 8, 2006
    Messages:
    1,111
    Likes Received:
    0
    Location:
    Manila
    I had an experience where iCal screwed up my iphone. You think this is the case?
     
  5. PatrickGaerlan

    PatrickGaerlan Super Moderator
    Staff Member

    Joined:
    Apr 8, 2004
    Messages:
    5,363
    Likes Received:
    89
    Did you receive or download an .ics file and imported it into iCal by double-clicking it?
     

Share This Page

  • About PhilMUG

    Since the mid-1990s, PhilMUG (formerly the Philippine Macintosh Users Group) has grown to become not just the Philippines’ but one of the world’s foremost Apple user groups. Our online community brings together thousands of members from the Philippines and around the world for the latest news and discussions covering all Apple products and related hardware and software. Anyone can join PhilMUG, from newbies to experts, subject to our membership rules and guidelines.
  • Like us on Facebook

  • Buy us a beer!

    The staff works very hard to make sure that PhilMUG is running 24/7. Care to buy us a beer or help out with our hosting fees? We'd really appreciate it!

    Donate to us!